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DETAILED ACTION 

1. This action is responsive to the communication filed on April 23, 2007. 
Claims 1-23 are pending. At this time, claims 1-23 are rejected. 

Response to Arguments 

2. Applicant's arguments filed April 23, 2007 have been fully considered but 
they are not persuasive for claim 23 under 35 (JSC § 101. 

Applicant argues that: 

Claim 23 recites a computer program product for protecting a computer 
environment, the computer program product being embodied in a computer readable 
medium. An example of a computer readable medium may be found, without limitation, 
at D.3. 11.3-4 of the specification ("... a computer readable medium such as a 
computer readable storage medium ..."). Since the claimed computer program 
product imparts functionality of protecting a computer environment when employed as a 
computer component, it should be considered as "functional descriptive material" 
according to MPEP 2106.01. When functional descriptive material is recorded on some 
computer-readable medium, it becomes structurally and functionally interrelated to the 
medium and will be statutory in most cases since use of technology permits the function 
of the descriptive material to be realized. MPEP 2106.01. A claimed computer-readable 
medium encoded with a computer program is a computer element which defines 
structural and functional interrelationships between the computer program and the rest 
of the computer which permit the computer program's functionality to be realized, and is 
thus statutory. MPEP 2106.01 I. As such, claim 23 is believed to be statutory and 
fulfilling the requirements of 35 U.S.C. 101. 

Examiner disagrees with applicant and applicant's representative and still 

maintain that: 

Although applicant and applicant's representative have pointed out at 
page 3, lines 3-4 of the specification where the computer readable medium is disclosed. 
However, the applicant and applicant's representative do not show the entire description 
of the computer readable medium, at page 3, lines 3-5 of the specification in which a 
computer readable medium such as a computer readable storage medium or a 
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computer network wherein program instructions are sent over optical or 
electronic communication links . The invention's specification is clearly including 
intangible media such as signals, carrier waves, transmissions, optical waves, 
transmission media or other media incapable of being touched or perceived absent the 
tangible medium through which they are conveyed. Therefore, claim 23 recites a non- 
statutory subject matter. In addition, claims 1 and 22 are implemented based on claim 
23, therefore these claims are also non-statutory. 

3. Applicant's arguments filed April 23, 2007, with respect to the rejection(s) 
of claim(s) 1-23 under 35 USC § 102(e) have been fully considered and are persuasive. 
Therefore, the rejection has been withdrawn. However, upon further consideration, a 
new ground(s) of rejection is made in view of Wolff et al (US 7,043,634 B2). 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition 
of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 1-23 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

Claim 23 recites "a computer program product for protecting a computer 
environment, the computer program product being embodied in a computer readable 
medium and comprising computer instruction for: providing an index; comparing a first 
event with the index; determining whether the first event is unusual; and determining 
whether a security incident associated with the first event has occurred." The claim is 
clearly a software program and it is non-statutory as not being tangibly embodied in a 
manner so as to be executable. Furthermore, applicant has pointed out in the 
specification (first paragraph of page 3) that a computer readable medium such as a 
computer readable storage medium or a computer network wherein program 
instructions are sent over optical or electronic communication links (emphasis 
added), which clearly including intangible media such as signals, carrier waves, 
transmissions, optical waves, transmission media or other media incapable of being 
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touched or perceived absent the tangible medium through which they are conveyed. 
Therefore, claim 23 recites a non-statutory subject matter. 

Claims 1 and 22 are implemented based on claim 23, therefore these 
claims are also non-statutory subject matter. Thus they are rejected with the same 
rationale applied against claim 23 above. 

Claims 2-21 are depended on claim 1, thus they are rejected with the 
same rationale applied against claim 1 above. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 1-3, 9-16, 19-20, and 22-23 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Sameshima et al (US 6,038,564), and further in view of 
Wolff et al (US 7,043,634 B2). 

a. Referring to claim 1: 

i. Sameshima teaches a method for protecting a computer 
environment, comprising: 

(1) providing an index (see Figure 3A, elements 313- 
315 and further details in column 5, lines 58-60 and column 6, lines 9-12 of 
Sameshima); 

(2) comparing a first event with the index (see Figure 3A, 
element 312 and further details in column 5, line 61 through column 6, line 20; 
column 6, lines 46-55 of Sameshima); 

(3) determining whether the first event is unusual 
(column 2, lines 52-55; see also Figures 9 and 10 and more details in column 13, 
lines 21-26 of Sameshima); and 
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(4) determining whether a security incident associated 
with the first event has occurred (column 5, line 63 through column 6, line 1;and 
column 6, lines 52-55 of Sameshima). 

ii. Although Sameshima teaches method and apparatus for 
integrating distributed information over communication network via filtering process, 
Sameshima is silent on the capability of applying the filtering processing device with the 
detection of security incident such as alteration and/or modification of stored computer 
files by hackers. On the other hand, Wolff teaches this limitation in column 1, line 40 
through column 2, line 12 of Wolff. 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Sameshima with the 
teaching of Wolff for detecting of the malicious alteration of stored computer files, such 
as, for example, by computer viruses infecting stored computer files (column 1, lines 9- 
11 of Wolff). 

iv. The ordinary skilled person would have been motivated to: 
(1) have modified the invention of Sameshima with the 

teaching of Wolff to detect if stored computer programs have been subject to computer 
virus infection whereby the computer file is altered by the computer virus (column 1, 
lines 14-16 of Wolff). 

b. Referring to claim 2: 

i. Sameshima further teaches: 

(1) wherein the first event indicates that a file has been 
modified (column 2, lines 39-51 of Sameshima). 

c. Referring to claim 3: 

i. Sameshima further teaches: 

(1) wherein determining whether the first event is unusual 
includes looking up an identifier of a file in the index (column 2, lines 52-55; see also 
Figures 9 and 10 and more details in column 13, lines 21-26 of Sameshima); and 
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wherein the file is associated with the first event (column 5, line 63 through column 6, 
line 1;and column 6, lines 52-55 of Sameshima). 

d. Referring to claim 9-10: 

i. These claims have limitations that is similar to those of claim 
3, thus they are rejected with the same rationale applied against claim 3 above. 

e. Referring to claim 1 1: 

i. Sameshima further teaches: 

(1) wherein determining whether the security incident 
associated with the first event has occurred includes correlating a second event with the 
first event; and the second event is a monitored event (see Figure 8C and further 
details in column 12, lines 9-36 of Sameshima). 

f. Referring to claim 12: 

i. Sameshima further teaches: 

(1) wherein determining whether a security incident 
associated with the first event has occurred includes applying a rule (column 5, lines 
41-51 of Sameshima). 

g. Referring to claim 13: 

i. Sameshima further teaches: 

(1) further comprising determining a priority of the 
security incident if it is determined that a security incident associated with the first event 
has occurred (column 5, line 63 through column 6, line 1;and column 6, lines 52-55 
of Sameshima). 

h. Referring to claim 14: 

i. Sameshima further teaches: 

(1) further comprising determining a degree of 
unusualness for the first event (column 2, lines 52-55; see also Figures 9 and 10 and 
more details in column 13, lines 21-26 of Sameshima). 

i. Referring to claim 15: 

i. Sameshima further teaches: 
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(1) further comprising determining a degree of 
unusualness for the first event (column 2, lines 52-55; see also Figures 9 and 10 and 
more details in column 13, lines 21-26 of Sameshima) and determining a priority of 
the security incident based on the degree of unusualness (column 5, line 63 through 
column 6, line 1 ;and column 6, lines 52-55 of Sameshima). 
j. Referring to claim 16: 

i. Sameshima further teaches: 

(1) wherein the index includes an archive index (see 
Figure 3A, elements 313-315 and further details in column 5, lines 58-60 and 
column 6, lines 9-12 of Sameshima). 

k. Referring to claim 19: 

i. Sameshima further teaches: 

(1) wherein the index includes an archive index stored in 
a database(column 4, lines 55-58 of Sameshima). 
I. Referring to claim 20: 

i. Sameshima further teaches: 

(1) wherein the index includes an archive index stored in 
an extensible markup language (XML) file (column 4, line 66 through column 5, line 2 
of Sameshima). 

m. Referring to claim 22: 

i. This claim consist a system for protecting a computer 
environment to implement claim 1, thus it is rejected with the same rationale applied 
against claim 1 above. 

ii. wherein Sameshima further teaches: 

(1) a memory coupled with the processor, wherein the 
memory is configured to provide the processor with instructions (column 4, lines 37-51 
of Sameshima). 

n. Referring to claim 23: 
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i. This claim consist a computer program product for for 
protecting a computer environment to implement claim 1, thus it is rejected with the 
same rationale applied against claim 1 above. 

8. Claims 4-8, 17-18, and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sameshima et al (US 6,038,564), in view of Wolff et al (US 7,043,634 
B2), and further in view of Kidder (US 6880086 B2). 

a. Referring to claim 4: 

i. The combination of teaching between Sameshima and Wolff 
teaches the claimed subject matter. Sameshima further teaches the event identifier as 
shown in Figure 3B and further details in column 7, lines 15-21, however they are silent 
on the capability of showing the identifier includes a signature. On the other hand, 
Kidder teaches: 

(1) wherein the identifier includes a signature (column 3, 

lines 33-36 of Kidder). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the modified-invention of Sameshima 
with the teaching of Kidder for provide a quick, easy way to accurately determine the 
upgrade status of each software component (column 3, lines 47-48 of Kidder). 

iv. The ordinary skilled person would have been motivated to: 
(1) have modified the modified-invention of Sameshima 

with the teaching of Kidder, since signatures are automatically generated for each 
software component as part of putting together a new release a quick comparison of 
two signatures provides an accurate assurance that either the software component has 
changed or has not (column 3, lines 42-47 of Kidder). 

b. Referring to claim 5: 

i. The combination of teaching between Sameshima, Wolff, 
and Kidder teaches the method for protecting a computer environment. Kidder further 
teaches: 
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(1) wherein the identifier includes a signature generated 
by a hash function (column 89, lines 15-19 and lines 24-28 of Kidder). 

c. Referring to claim 6: 

i. The combination of teaching between Sameshima, Wolff, 
and Kidder teaches the method for protecting a computer environment. Kidder further 
teaches: 

(1) the identifier includes a signature generated by a 
checksum function (column 88, lines 65-67 of Kidder). 

d. Referring to claim 7: 

i. The combination of teaching between Sameshima, Wolff, 
and Kidder teaches the method for protecting a computer environment. Sameshima 
and Kidder further teaches: 

(1) wherein the first event indicates that a file has been 
modified (column 2, lines 39-51 of Sameshima), and determining whether the file 
modification is unusual includes comparing a number of occurrences of the file in the 
index (column 2, lines 52-55; see also Figures 9 and 10 and more details in 
column 13, lines 21-26 of Sameshima) with a threshold (column 171, lines 40-52 of 
Kidder). 

d. Referring to claim 8: 

i. The combination of teaching between Sameshima, Wolff, 
and Kidder teaches the method for protecting a computer environment. Sameshima 
and Kidder further teaches: 

(1) wherein the first event indicates that a file has been 
modified (column 2, lines 39-51 of Sameshima), and determining whether the 
security incident associated with the first event (column 5, line 63 through column 6, 
line 1;and column 6, lines 52-55 of Sameshima) has occurred includes comparing 
a number of occurrences of the file in the index (column 2, lines 52-55; see also 
Figures 9 and 10 and more details in column 13, lines 21-26 of Sameshima) with a 
threshold. 

e. Referring to claim 17: 
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i. This claim has limitations that is similar to those of claim 4, 
thus it is rejected with the same rationale applied against claim 4 above. 

f. Referring to claim 18: 

i. The combination of teaching between Sameshima, Wolff, 
and Kidder teaches the method for protecting a computer environment. Sameshima 
and Kidder further teaches: 

(1) wherein the index includes an archive index (see 
Figure 3A, elements 313-315 and further details in column 5, lines 58-60 and 
column 6, lines 9-12 of Sameshima) that includes file revision information (column 
86, lines 1-8 of Kidder). 

g. Referring to claim 21: 

i. The combination of teaching between Sameshima, Wolff, 
and Kidder teaches the method for protecting a computer environment. Kidder further 
teaches: 

(1) wherein the index is cached (column 160, lines 9-10 

of Kidder). 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 
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